Amazon and passwordless login UX

I signed into the German Amazon Retail site, today, and I saw a new sign-in flow. Being a UX nerd, I took photos and immediately took to twitter.

Here’s what I saw.

Look! Only one thing being requested!

The first change is that like Google, and Eventbrite, they only ask for one thing per page now.

This roughly translates as ‘login’ , and ’email address or phone number’, then ‘continue’/

Next! No password requested!

Sometimes you might get the option to sign in with a password, but Amazon is also testing this as way in, where they send an email with a one-time-use login code to your email address instead of asking for your password. This is good, as most of us have terrible password hygiene (not you obviously though – I know you use a password manager, but the chances you have family members who don’t, and also use the Amazon website).

A one time code, sent to your email, instead of a password

What you get sent to your address is this – the one time code, and some reassuring copy about taking your security seriously. Interestingly though – there’s no link to click to get to Amazon at all. This feels like a good anti-phishing pattern.

I’m happy sharing a one time code in a screenshot here, because well… it’s a one time code – you can only use it once. You might be able to social engineer access if you called Amazon, and said this code wasn’t working, but the solution I hope they would give would be to tell me to generate a new code, or go through some escalated process to prove who I was.

Why I like this

As I mentioned before, most of us are terrible at managing passwords, so moving us away from relying on terrible passwords as a default as feels like a win.

Things I wish it did – chunking

I don’t understand why these services don’t chunk numbers longer than 3 digits to make them easier to read, or type in.

As an example, Google Authenticator does this chunking trick, and I think it makes it easier to read the numbers.

How many people are getting this?

I’m curious if this is a widespread experiment – if you see it too, and have opinions on it, let me know.

Also, I’m considering writing a piece about the common pitfalls when implementing passwordless logins, based on my own experience over the last few months. If I get say… 15 faves/likes, it’ll justify me writing a more in-depth article, as it turns out there are quite a few non-obvious pitfalls along the way.

My guess right now is that it *might* make copying and pasting harder on mobile, but beyond that, it mystifies me. BTW: fave this if you want me to write an extended blog post about chunking and passwordless UX in general. I’ve done it wrong a fair few times in the last 3 months!